Attorney Docket No. P18132-US1 
AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims 

1 . (Currently amended) An Identity Generator device arranged for 
generating a user's service indicator for a user to access a number of services offered 
by a service provider through a network operator where user data for the user are 
accessible in a user directory system , this user's service indicator being usable between 
the service provider domain and the network operator domain to unambiguously identify 
the user at each respective domain, the Identity Generator device comprising: 

- means for obtaining a master user's identifier usable to identify the user at the 
operator's network; 

- means for obtaining a service identifier, indicative of services to be accessed at 
the service provider; and 

- means for constructing a user's service indicator that includes the master user's 
identifier and the service identifier; 

wherein the user's service indicator is opaque outside the Identity Generator 
device, which further comprises: 

a Decomposer component having means for carrying out a reverse 
generation to obtain a master user's identifier from a given user's service 
indicator: and 

means for verifying the validity of the given user's service indicator by 
making use of the master user's identifier as a search key towards the user 
directory system . 

2. (Previously Presented) The Identity Generator device of claim 1 , 
wherein the service identifier, indicative of services to be accessed at the service 
provider, comprises at least one element selected from: a service provider indicator, 
and a number of service indicators. 
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3. (Previously Presented) The Identity Generator device of claim 1 , 
further comprising: 

- means for obtaining at least one element selected from: network operator 
identifier, auxiliary value, expiry time, and integrity code; and 

- means for including the at least one element into the user's service indicator. 

4. (Previously Presented) The Identity Generator device of claim 1 , 
wherein the master user's identifier is built up as a function of a real user identity. 

5. (Previously Presented) The Identity Generator device of claim 1 , 
further comprising means for carrying out a symmetric cipher of the user's service 
indicator using a ciphering key. 

6. (Previously Presented) The Identity Generator device of claim 5, 
wherein the ciphering key is unique for all the applicable service providers. 

7. (Previously Presented) The Identity Generator device of claim 5, 
wherein the ciphering key is different per each service provider. 

8. (Canceled) 

9. (Canceled) 

10. (Canceled) 

1 1 . (Canceled) 

12. (Canceled) 

1 3. (Canceled) 
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1 4. (Previously Presented) A method for generating at an Identity 
Generator device of a network operator a user's service indicator intended for a user to 
access a number of services offered by a service provider through a network operator 
where user data for the user are accessible in a user directory system , this user's 
service indicator being usable between the service provider domain and the network 
operator domain to unambiguously identify the user at each respective domain, the 
method comprising the steps of: 

obtaining a master user's identifier usable to identify the user at the operator's 
network; 

obtaining a service identifier, indicative of services to be accessed at the service 
provider; and 

constructing a user's service indicator that includes the master user's identifier 
and the service identifie r; and 

wherein the constructed user's service indicator is opaque outside the 
Identity Generator device, the method further comprising: 

carrying out a reverse generation to obtain the master user's 
identifier from the given user's service indicator; and 

verifying the validity of the given user's service indicator by making 
use of the master user's identifier as a search key towards the user 
directory system . 

1 5. (Previously Presented) The method of claim 14, wherein the step of 
obtaining a service identifier includes obtaining at least one element selected from: a 
service provider indicator, and a number of service indicators. 

16. (Previously Presented) The method of claim 14, further comprising: 
obtaining at least one element selected from: network operator identifier, auxiliary 

value, expiry time, and integrity code ; and 

including the at least one element into the user's service indicator. 
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1 7. (Previously Presented) The method of claim 14, wherein the step of 
obtaining a master user's identifier includes a step of applying a function to a real user 
identity. 

18. (Previously Presented) The method of claim 14, further comprising 
carrying out a symmetric cipher of the user's service indicator using a ciphering key. 

1 9. (Previously Presented) The method of claim 1 8, wherein the ciphering 
key is unique for all the applicable service providers. 

20. (Previously Presented) The method of claim 1 8, wherein the ciphering 
key is different per each service provider. 

21 . (Previously Presented) The method of claim 20, further comprising 
determining a service provider issuing a communication based on a given user's service 
indicator. 

22. (Canceled) Tho m o thod of cla i m 14, furthor carrying out a reverse 
gonoration to obtain tho mastor us e r's identifier from a g i von usor's sorvico i nd i cator . 

23. (Currently amended) T_he [[An]] Identity Generator device of claim 1 . 
wherein for g e n e r a ting a user's s e rvic e i ndicator for a us e r to acc e ss a numb e r of 
corvicos offorod by a sorv i co provider through a network operator wher e user data for 
tho usor aro accossiblo, this usor's serv i c e indicator bo i ng usab lo botw o on tho sorvico 
provid e r doma i n and th e n e twork operator doma i n to unambiguously i d e nt i fy th e us e r at 
oach rospoctiv o doma i n, the Identity Generator device compr i sing: 

moans for obta i n i ng a master us e r's idontifior usablo to identify tho user at the 
operator's network; 



for obta i n i ng 



idont i f i or, indicative of services to bo accessod at 
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moariD for constructing a user's sorvic e i ndicator th a t i nclud e s tho master user's 
idontifior and tho serv i ce i dont i fior, wh e r e in sa i d Identity Gonorator device is integrated 
in, or in close cooperation with, [[and]] an entity of an identity provider network where 
the user data is accessible . 

24. (Canceled) 

25. (Currently amended) The Identity Generator device of claim 23 
[[24]], wherein the entity is a Central Provisioning Entity responsible for provisioning 
tasks in the operator's network. 

26. (Currently amended) The Identity Generator device of claim 23 
[[24]], wherein the entity is a User Directory System storing user data. 

27. (Currently amended) The Identity Generator device of claim 23 
[[24]], wherein the entity is a Border Gateway placed at the border of the operator 
domain. 

28. (Previously Presented) The Identity Generator device of claim 27, 
wherein the Border Gateway is an entity selected from: an HTTP Proxy, a WAP 
Gateway, and a Messaging Gateway. 

29. (Canceled) 

30. (New) The Identity Generator device of claim 1 , wherein the means for 
carrying out a reverse generation in the Decomposer component comprises means for 
obtaining the service identifier used to generate the given user's service indicator. 

31 . (New) The Identity Generator device of claim 1 , wherein the means for 
carrying out a reverse generation in the Decomposer component further comprises 
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means for obtaining at least one element selected from: network operator identifier, and 
ciphering key used to generate the given user's service indicator. 

32. (New) The Identity Generator device of claim 1 , wherein the means for 
carrying out a reverse generation in the Decomposer component further comprises: 
means for obtaining applicable expiry time criteria; and 
means for verifying the validity of a given temporary user's service indicator 
against said expiry time criteria. 
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